2.2.21

[Bug Fix]: You can now configure Azure deployments to use Availability Zones after upgrading from an earlier version.

[UI Improvement]: The notification banner that appears when a certificate in your deployment is about to expire is updated for clarity.

Ops Manager v2.2.21 uses the following component versions:

Component

Version

Ops Manager

2.2-build.436*

Stemcell

3586.93*

BBR SDK

1.6.0

BOSH Director

266.16.0

BOSH DNS

1.10.0

Metrics Server

0.0.22

CredHub

1.9.11*

Syslog

11.4.0

UAA

57.9

BPM

0.12.3

Networking

8

OS Conf

20.0.0

AWS CPI

70

Azure CPI

35.4.0

Google CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

Credhub CLI

1.7.7

BBR CLI

1.5.0*

* Components marked with an asterisk have been updated.

2.2.20

There are no additional features or fixes in this release.

Ops Manager v2.2.20 uses the following component versions:

Component

Version

Ops Manager

2.2-build.427

Stemcell

3586.86

BBR SDK

1.6.0

BOSH Director

266.16.0

BOSH DNS

1.10.0

Metrics Server

0.0.22

CredHub

1.9.9

Syslog

11.4.0

UAA

57.9

BPM

0.12.3

Networking

8

OS Conf

20.0.0

AWS CPI

70

Azure CPI

35.4.0

Google CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

Credhub CLI

1.7.7

BBR CLI

1.4.0

Components marked with an asterisk have been updated.

2.2.19

[Security Fix]: Updates bootstrap from 3.4.0 to 3.4.1.

Ops Manager v2.2.19 uses the following component versions:

Component

Version

Ops Manager

2.2-build.424*

Stemcell

3586.79

BBR SDK

1.6.0

BOSH Director

266.16.0

BOSH DNS

1.10.0

Metrics Server

0.0.22

CredHub

1.9.9

Syslog

11.4.0

UAA

57.7

BPM

0.12.3

Networking

8

OS Conf

20.0.0

AWS CPI

70

Azure CPI

35.4.0

Google CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

Credhub CLI

1.7.7

BBR CLI

1.4.0*

* Components marked with an asterisk are updated.

2.2.18

There are no additional features or fixes in this release.

Ops Manager v2.2.18 uses the following component versions:

Component

Version

Ops Manager

2.2-build.418*

Stemcell

3586.79*

BBR SDK

1.6.0

BOSH Director

266.16*

BOSH DNS

1.10.0

Metrics Server

0.0.22

CredHub

1.9.9*

Syslog

11.4

UAA

57.7

AWS CPI

70

Azure CPI

35.4

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

* Components marked with an asterisk are updated.

2.2.17

[New Feature]: You can now upgrade from the most recent version of v2.2, which may use multiple NATS certificate authorities (CAs) to a version of v2.3 that only supports one NATS CA and was released prior to the version of v2.2 from which you are upgrading.

[New Feature]: You can now change a selected option of a selector through the API using the human-readable name of the option. Send a PUT to /api/v0/staged/products/:guid/properties with a selected_option key. The PUT API endpoint can also parse both value, for the human-readable value, and option_value, for the machine-readable value.

[Bug Fix]: When an Azure-based Ops Manager Director is configured with invalid Azure account credentials (such as a subscription ID, tenant, or other credentials) and you try to create a network, you now an error message, rather than a 500 error.

[Bug Fix]: Ops Manager now uses GCP images that are located in the United States. This should prevent image object generation problems sometimes seen in images based in Europe and Asia.

[Bug Fix]: The Azure CPI is reverted to 35.4 to resolve a customer issue.

Ops Manager v2.2.17 uses the following component versions:

Component

Version

Ops Manager

2.2-build.414*

Stemcell

3586.70

BBR SDK

1.6.0

BOSH Director

266.15

BOSH DNS

1.10.0

Metrics Server

0.0.22

CredHub

1.9.3

Syslog

11.4

UAA

57.7

AWS CPI

70

Azure CPI

35.4*

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

* Components marked with an asterisk are updated.

2.2.16

[Security Fix]: A potential XXS vulnerability in the resource_config API endpoint is mitigated.

[New Feature]: NATS certificate information, including expiration dates, is now available through the API. Use the api/v0/deployed/certificates endpoint to view this information.

[New Feature]: You can now use the BOSH Backup and Restore (BBR) CLI from the Ops Manager VM. This means you no longer have to download or upgrade BBR when you upgrade the Ops Manager VM.

[Bug Fix]: Ops Manager now reloads NGINX when the configuration is updated. Previously, Ops Manager would restart NGINX, which could cause temporary downtime. NGINX now serves traffic consistently when it is updating.

Ops Manager v2.2.16 uses the following component versions:

Component

Version

Ops Manager

2.2-build.406*

Stemcell

3586.70*

BBR SDK

1.6.0

BOSH Director

266.15*

BOSH DNS

1.10.0

Metrics Server

0.0.22*

CredHub

1.9.3

Syslog

11.4*

UAA

57.7*

AWS CPI

70

Azure CPI

35.5

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

* Components marked with an asterisk are updated.

2.2.15

[New Feature]: Credentials now return in some API calls. If you have sufficient permissions, sending a GET to director/properties or director/iaas_configurations/guid or products/guid/properties with the redact=false parameter will return all keys and values, including credentials.

[Feature Improvement]: Selectors without a default option display in the list of /api/v0/staged/products/product-guid/properties as null.

[Feature Improvement]: Some error messages that appear in the API are more reader-friendly.

[Bug Fix]: You can no longer export using the API without deploying.

[Bug Fix]: /api/v0/deployed/director/manifest now works when upgrading from 2.1 to 2.2.

[Bug Fix]: Installation Change records now have a deployment status other than null.

Ops Manager v2.2.15 uses the following component versions:

Component

Version

Ops Manager

2.2-build.398*

Stemcell

3586.66*

BBR SDK

1.6

BOSH Director

266.14

BOSH DNS

1.10.0

Metrics Server

0.0.21

CredHub

1.9.3

Syslog

11.3

UAA

57.6

AWS CPI

70

Azure CPI

35.5

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

* Components marked with an asterisk are updated.

2.2.14

[Bug Fix]: Viewing product properties API endpoint for selector properties no longer fails when no option is selected, it returns null for that field.

[Security Fix]: GETs to any Ops Manager or UAA API endpoint no longer return any information about the web server, including version numbers.

Ops Manager v2.2.14 uses the following component versions:

Component

Version

Ops Manager

2.2-build.386*

Stemcell

3586.60

BBR SDK

1.6

BOSH Director

266.14

BOSH DNS

1.10.0

Metrics Server

0.0.21

CredHub

1.9.3

Syslog

11.3

UAA

57.6

AWS CPI

70

Azure CPI

35.5*

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.4

* Components marked with an asterisk are updated.

2.2.13

[New Feature]: A banner appears on the Dashboard when certificates are about to expire.

[New Feature]: The Ops Manager API has a selected option identifier for a selector property. For example, properties.SELECTOR_NAME.SELECTOR_OPTION.OPTION-NAME. This helps identify what properties are associated with the selected option on a selector.

[New Feature]: Ops Manager operators with permissions to see credentials can send a GET to director/properties, director/iaas_configurations/guid, director/iaas_configurations, or products/guid/properties with the redact=false parameter to see an API response that includes credentials.

2.2.12

[New Feature]: Ops Manager operators with sufficient permissions to see credentials can now send a GET to director/properties, director/iaas_configurations/guid, director/iaas_configurations, or products/guid/properties
with the redact=false parameter to see an API response that includes credentials.

[Feature Improvement]: When a user who has not logged into Ops Manager is prompted to log in to view a page, logging in returns them to the page they tried to access, rather than the Installation Dashboard.

[Bug Fix]: The API docs now show instance_groups in some locations where they previously referenced jobs.

Ops Manager v2.2.12 uses the following component versions:

Component

Version

Ops Manager

2.2-build.379*

Stemcell

3586.57

BBR SDK

1.6

BOSH Director

266.14

BOSH DNS

1.10.0

Metrics Server

0.0.21

CredHub

1.9.3

Syslog

11.3

UAA

57.6

AWS CPI

70

Azure CPI

35.4

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50.0.3*

* Components marked with an asterisk are updated.

2.2.11

[Bug Fix]: The SAML certificate now regenerates when authentication method changes from SAML to internal, rather than when SAML is enabled. This facilitates a greater number of authentication method workflows, including those which change Ops Manager metadata.

[Bug Fix]: Ops Manager now captures changes to the database, including reversions to old passwords, more completely.

[Feature Improvement]: There are now API docs for the GET and PUT ssh_banner_contents endpoints.

Ops Manager v2.2.11 uses the following component versions:

Component

Version

Ops Manager

2.2-build.376*

Stemcell

3586.57

BBR SDK

1.6

BOSH Director

266.14

BOSH DNS

1.10.0

Metrics Server

0.0.21

CredHub

1.9.3

Syslog

11.3

UAA

57.6

AWS CPI

70

Azure CPI

35.4

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50

* Components marked with an asterisk are updated.

2.2.10

[Security Fix]: Upgrades Loofah to 2.2.3 to address a CVE.

[Security Fix]: Upgrades Rack to 2.0.6 to address a CVE.

[New Feature]: A Pivotal-specific GUID now appears in the global CPI options for Azure deployments. View this key/value pair in the CPI configururation of the BOSH Director manifest.

2.2.8

[New Feature]: Operators can tune the swap size as a percent of total memory size per instance group.

[Bug Fix]: Bumps Azure CPI up to 35.4 to fix LockTimeoutError issues.

[Bug Fix]: Operators can change the Director Hostname without losing connection between BOSH Director and VMs.

[Bug Fix]: Stemcells no longer accidentally downgrade when upgrading to a new Ops Manager. This rare bug occurred when a product had a newer stemcell patch than Ops Manager included during the upgrade.

[Bug Fix]: Operators can work around an expired SAML service provider cert by disabling and enabling SAML.

[Feature Improvement]: The expiring certificates endpoint (/api/v0/deployed/certificates) now includes information about the SAML service provider cert.

[Feature Improvement]: When you import products that use the future Unified Syslog feature, you are warned that some syslog features will not be active in this version of Ops Manager.

[Bug Fix]: Dynamic JS pages now show the message from server-side errors instead of alert boxes with JavaScript errors (such as [Object object] or t.filter()).

[New Feature]: You can now configure custom DNS handlers using the Ops Manager API.

[New Feature]: You can now configure recursor timeouts using the Ops Manager API.

Ops Manager v2.2.8 uses the following component versions:

Component

Version

Ops Manager

2.2-build.339*

Stemcell

3586.48*

BBR SDK

1.6

BOSH Director

266.13*

BOSH DNS

1.10.0

Metrics Server

0.0.21

CredHub

1.9.3

Syslog

11.3

UAA

57.4

AWS CPI

70

Azure CPI

35.4

GCP CPI

27.0.1

OpenStack CPI

38

vSphere CPI

50

* Components marked with an asterisk are updated.

2.2.7

[Bug Fix]: You are now only prompted to unlock Ops Manager once when enabling Rescue Mode.

New Features in Ops Manager v2.2

Ops Manager v2.2 includes the following major features:

Multiple Data Centers on vSphere

Ops Manager now allows you to configure multiple vSphere vCenters to a single BOSH Director.

You can add additional data centers in the vSphere Config pane of your vSphere BOSH Director tile. For more information about how to add, edit, and delete vCenters, see Managing Multiple vSphere vCenters.

Note: If you use the Ops Manager API and multiple vSphere configs exist, the GET HTTP request for Director properties omits the iaas_configuration key.

Selectively Deploy Tiles in Ops Manager or by an API Endpoint

You can now choose to deploy a selection of tiles rather than all tiles in Ops Manager. If you choose to selectively deploy your environment, you can drastically reduce the time to Apply Changes. This feature is ideal to limit updates to one or more tiles, which reduces the amount of change in any given deployment.

In the Ops Manager UI, this feature is in beta. It is generally available as an API endpoint. To selectively deploy tiles using the API, send a POST to /api/v0/installations. For more information, see Triggering an install process in the Ops Manager API documentation.

Azure Stack is Generally Available

Pivotal officially supports Azure Stack.

Azure Stack is a hybrid cloud platform that lets you deliver Azure services from your own on-premise datacenter. For more information about Azure Stack, see What is Azure Stack? from the Microsoft Azure documentation.

You can configure Azure Stack through the BOSH Director for Azure tile. For more information about Azure Stack-specific configurations, see the steps in the Azure Config Page section of the Configuring BOSH Director on Azure topic.

Ops Manager Supports Azure China

Ops Manager now supports a special region in Azure called Azure China. Azure China is a physically separated instance of cloud services that is located in China and independently operated. For more information about Azure China, see What is Azure China 21Vianet? in the Azure China documentation.

To tell the BOSH Director that you are using an Azure China environment, go to the BOSH Director for Azure tile and select Azure China Cloud from the Azure Environment field. For more information, see Azure Config Page in the Configuring Ops Manager on Azure manual installation topic.

Multi-Line Credentials

Ops Manager v2.2 now supports text areas for any type of multi-line credential. If you want a secret property to use a text area instead of the default single-line text field, you must set display_type to text_area in the property_inputs section of your property blueprint, as in the example below.

Specify a Custom Trusted SSL Certificate

Operators can specify a custom trusted SSL certificate and key for the Ops Manager server so that traffic isn’t exposed to man-in-the-middle attacks when using Ops Manager.

By default, Ops Manager uses an auto-generated self-signed certificate. To change this configuration to your own SSL certificate, navigate to Settings from the Ops Manager Installation Dashboard and select the SSL Certificate pane to enter your Certificate and Private Key.

For more information about navigating the Ops Manager Settings page, see Settings Page in the Understanding the Ops Manager Interface topic.

Delete Your Pivotal Network API Token

You can now delete your Pivotal Network API token, along with the Pivotal Network release dashboard and all of the tile metadata from Pivotal Network products.

For more information, see Settings Page in the Understanding the Ops Manager Interface topic.

Configure an Ops Manager Syslog Server

You can configure a syslog server for Ops Manager logs. Logs include rails production logs, audit logs, UAA logs, nginx logs, and upstart logs for Ops Manager processes as well as additional log types. Previous to this change, Ops Manager logs were not centralized in one accessible location. You also have the option to TLS-encrypt your logs.

To configure syslog for Ops Manager, go to Syslog from Ops Manager Settings, select Yes to enable syslog and fill the required fields. Only administrators can view the Syslog pane.

For more information about configuring syslog for Ops Manager, see Settings Page in the Understanding the Ops Manager Interface topic.

Note: When you enter your syslog credentials, Ops Manager does not validate them. You should test your syslog server to ensure that the credentials were entered correctly and the server is receiving Ops Manager logs.

Breaking Change: If you were running scripts to get Ops Manager logs, those scripts break on upgrade to Ops Manager v2.2 and later.

Xenial Stemcell Upgrade Support

As of April 2019, Trusty stemcells will no longer receive support, nor will Pivotal have CVE patches for them. Ops Manager v2.2 allows tile authors to upgrade from Trusty stemcells to Xenial stemcells.

TLS for Internal Blobstore Supported

Ops Manager now supports TLS communications if you choose to use an internal blobstore.

To enable internal blobstore TLS communication, all of your tiles must have stemcell v3586 or later. You can configure internal TLS by clicking Enable TLS in the Director Config pane of the BOSH Director tile.

Custom TLS Certificate for External MySQL Database Supported

Ops Manager now allows you to configure a custom TLS certificate for an external MySQL database.

Change Log Includes Products Deployed but Unchanged

The Change Log pane lists products as Unchanged when they remain deployed, but their configuration has not changed from a prior deployment, so Ops Manager did not re-deploy them.

More Detail Available By Ops Manager API Endpoint

A new API endpoint is available for Ops Manager. Send a GET to /v0/staged/pending_changes to see details about your Ops Manager installation, including tile names, errand names, build version, and deployment status. The API response will show information on all tiles, whether they are deployed or have pending changes.

Custom Identification Tags Supported

You can specify a single set of tags that apply to all VMs and disks for your foundation. Identification tags allow you to easily identify which foundation your VMs belong to when viewing your IaaS. You are able to set custom Identification Tags in the Director Config pane of your BOSH Director tile.

BOSH DNS Enabled By Default

BOSH DNS is enabled by default for both app containers and PCF components in PCF v2.2.

In previous versions, Consul managed service discovery between PCF components, but Consul is being replaced by BOSH DNS.

Note: In PCF v2.2, Consul and BOSH DNS are both available in PCF, but BOSH DNS is the only service used for DNS requests.

You can disable BOSH DNS if instructed to do so by Pivotal support. If you disabled BOSH DNS in PCF v2.1, reenable it before upgrading to PCF v2.2. For more information, see BOSH DNS Enabled By Default.

WARNING: Do not disable BOSH DNS without instructions from Pivotal support. Disabling BOSH DNS will also disable PKS, NSX-T, and several PAS features.

“When Changed” Errand Setting Removed

Ops Manager no longer includes a When Changed option for tile errands. In the Errands pane for a given tile, you can set errands On to run them or Off to not run them. The default setting is On.

Known Issues

WARNING: Ops Manager v2.2 is not supported by PKS starting in PKS v1.3. Use a later version of Ops Manager if you wish you use PKS v1.3.

DNS Server Hangs or DNS Lookups Fail

With BOSH DNS, every BOSH-deployed VM has a DNS server. In large PCF installations, this DNS server may hang or DNS lookups may fail when the VM experiences too many DNS lookups in a short amount of time.

This error is caused by a race condition and deadlock in the VM’s DNS server.

To fix this problem, run monit on the VM with failing DNS to restart its bosh-dns process.

Error When Importing Xenial Stemcell

Ops Manager v2.2.0 and later support Xenial stemcells. However, the Ops Manager UI returns an error when you attempt to import a Xenial stemcell.

As a workaround, you can upload the stemcell and assign it to a product using the Ops Manager API.

If a remote S3 blobstore uses a privately signed SSL certificate, operators see an error when configuring the BOSH Director to use an S3 blobstore.

The error reads: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) Unable to verify certificate. This may be an issue with the remote host or with Excon. Excon has certificates bundled, but these can be customized:

This error appears because Ops Manager attempts to validate the S3 blobstore by testing the SSL certificate. Ops Manager does not use trusted certificates to make this connection, so the connection fails.

A workaround is available for this issue. Operators can install the public CA certificate directly into the OS config of Ops Manager by following these steps:

SSH into the Ops Manager VM.

Copy the public CA certificate into /etc/ssl/certs.

Run sudo update-ca-certificates -f -v. This installs the new CA certificate.